Linux command

stunnel command

After copying, replace file names, directories, or parameters as needed.

Common examples

Start stunnel with a configuration file

stunnel [/etc/stunnel/stunnel.conf]

Read configuration from a file descriptor

stunnel -fd [0]

Display version and compile-time defaults

stunnel -version

Show available socket options

stunnel -sockets

Show available TLS options

stunnel -options

Display help

stunnel -help

Description

stunnel is a TLS/SSL proxy that wraps arbitrary TCP connections with encryption without requiring any changes to the application code. It uses OpenSSL for all cryptographic operations and supports modern TLS versions.

In server mode (the default), stunnel listens for incoming TLS-encrypted connections and forwards them unencrypted to a backend service (e.g. a plain-text IMAP or SMTP daemon). In client mode (`client = yes`), it accepts unencrypted connections from local clients and establishes a TLS-encrypted tunnel to a remote TLS server.

stunnel reads a configuration file that contains global settings and one or more named service sections. Each service section defines an independent tunnel. Multiple tunnels can run within a single stunnel process. It supports inetd-style operation (omit `accept`; stunnel inherits the socket), daemon mode, and launch by systemd.

Unix signals control a running daemon: `SIGHUP` reloads the configuration, `SIGUSR1` reopens the log file, and `SIGTERM`/`SIGQUIT`/`SIGINT` shut it down.

FTP limitation: stunnel cannot tunnel the FTP data channel because FTP uses dynamically negotiated secondary ports.
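The server and client modes described above, written out as one configuration file with two service sections. This is an added example, not part of the original page; the service names, host names, ports and file paths are constructed placeholders. The client section turns on `verifyChain` and `checkHost` because stunnel does not verify the peer certificate unless configured to.

```ini
; Constructed example configuration. Replace hosts, ports and paths.

; ---- global settings ----
; PID file of the daemon (target of SIGHUP / SIGUSR1 / SIGTERM)
pid = /run/stunnel.pid
; Log file; SIGUSR1 makes the running daemon reopen it
output = /var/log/stunnel.log

; ---- server mode (default): TLS in, plain text out ----
[imaps]
; Listen for TLS connections from remote clients
accept = 993
; Forward the decrypted stream to the local plain-text IMAP daemon.
; Bind the backend to loopback so the unencrypted hop never leaves the host.
connect = 127.0.0.1:143
; Server certificate and private key (key file readable by root only)
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key

; ---- client mode: plain text in, TLS out ----
[smtps-out]
client = yes
; Accept unencrypted connections from local applications only
accept = 127.0.0.1:2525
; Remote TLS server to tunnel to
connect = mail.example.com:465
; Without the three options below the tunnel is encrypted but the
; server is not authenticated, so an on-path host could terminate TLS.
CAfile = /etc/ssl/certs/ca-certificates.crt
verifyChain = yes
checkHost = mail.example.com
```

After editing the file, `SIGHUP` makes a running daemon pick up the new sections, as noted above.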

Parameters

configfile
Path to the configuration file to use
-fd _n_
Read configuration from file descriptor _n_ (Unix only)
-help
Display help message
-version
Display version information and compile-time defaults
-sockets
Show default socket options
-options
Show supported TLS/SSL options compiled into OpenSSL

FAQ

How do I run a basic stunnel example?

Run `stunnel [/etc/stunnel/stunnel.conf]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does configfile do in stunnel?

Path to the configuration file to use